Encryptile Ransomware

Encryptile Ransomware is a malicious program that might cause you a lot of trouble. Firstly, the threat encrypts user’s data with a strong encryption algorithm called Advanced Encryption Standard (AES). Secondly, it can block executable files, so you may be unable to launch various applications. Consequently, you might be not able to work with the computer properly. Of course, the malware’s creators may offer to unlock both personal and program files, but for such help, you would have to pay a ransom, and there are no guarantees or refunds. Thus, instead of paying the ransom, our researchers recommend deleting Encryptile Ransomware with the instructions located below. Erasing it will not decrypt your files, but at least it would allow you to use the computer the same way before it got infected. If you still have doubts, read the rest of the text before deciding what to do.

The malicious application is still being researched, but so far it looks like it could be distributed with suspicious email attachments. If you launch an infected file, Encryptile Ransomware could be executed automatically. Our specialists noticed that the malware may download two executable files to the user’s computer. These files should be placed in the %LOCALAPPDATA% directory. Still, it might be hard to identify this data as it could have random titles. For example, our specialists who tested Encryptile Ransomware received files named as notepad.exe, encryptile.exe, or similarly.

Moreover, for both of the mentioned executable files, the malicious program should create Registry entries too. The entries should appear in the following directories: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run or HKLM\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce. Of course, the created value names could have random titles as well, e.g. Unikey Manager, Service Runtime, etc. Because of these Registry entries, the infection can launch itself with the operating system. What is even worse is that it might restart with Windows in the Safe Mode too. Plus, Encryptile Ransomware could block some of the applications, such as the Task Manager, so removing it manually could be rather difficult even for experienced users.

As the threat starts the encryption process, it might create a document called Readlist.txt. This document is used to simply show you which files were enciphered as it would contain a list of all locked files. Also, during the process, the malware should create files named as Decrypt_[10 character ID].html, Decrypt_[10 character ID].jpg, Decrypt_[10 character ID].txt, and How to buy bitcoin_[10 character ID].txt in every folder where enciphered data is found. By doing so, the malicious program’s creators are probably trying to ensure that you would have all essential information required for paying the ransom.

Furthermore, when the encryption process is over, Encryptile Ransomware should replace your Desktop wallpaper and launch a particular program. This program is also created by the malicious application’s creators. Unfortunately, it cannot be closed, so it stays on top of your screen all the time. The window displays a ransom note and rather detailed instructions on how to pay the ransom. In addition, it suggests that you choose a file and email it to the infection’s creators. Apparently, they agree to unlock it just to convince you that they can decrypt your enciphered data.

Thus, for users who have an encrypted file they cannot replace, it might be a good idea to use this offer to decrypt one of your files for proof. Other data, you might be able to recover if you made any copies on removable media devices and other storages not connected to the infected computer, although first, it is important to take control over the system again. In order to do that, users could try to get rid of Encryptile Ransomware manually. The process might be difficult, so you should follow the provided instructions below this text. They will guide you through this process step by step. It is also possible to erase the malware with an antimalware tool too, although if you had such software, it should be reinstalled or you can download a new security tool.

Delete Encryptile Ransomware

Use another computer to burn Hiren’s BootCD to a USB key or a CD (you can download it from the official Hiren’s BootCD website).

Insert the USB key/CD with Hiren’s BootCD into the infectedcomputer.

Restart the computer and boot into the USB key/CD.

Choose Mini Windows XP and wait till it boots a portable version of the operating system.

Click the Hiren’s BootCD Program Launcher (icon with a picture of a screwdriver and wrench) located on the Taskbar’s rightcorner.